Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d841ec13 by Salvatore Bonaccorso at 2026-06-19T21:58:01+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2026-56142 (In JetBrains Hub before 2026.1.13757,
2025.3.148033, 2025.2.1480
CVE-2026-56141 (In JetBrains Hub before 2026.1.13757, 2025.3.148033,
2025.2.148048, 20 ...)
NOT-FOR-US: JetBrains
CVE-2026-56138 (AIL framework contains a path traversal vulnerability in the
/objects/ ...)
- TODO: check
+ NOT-FOR-US: AIL framework
CVE-2026-53915 (In JetBrains GoLand before 2026.1.3 remote code execution was
possible ...)
NOT-FOR-US: JetBrains
CVE-2026-51846 (In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route
/goform ...)
@@ -53,11 +53,11 @@ CVE-2026-49872 (Improper Authentication vulnerability in
Apache APISIX. When th
CVE-2026-49871 (Cross-Site Request Forgery (CSRF) vulnerability in the
cas-auth plugin ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49359 (PhpWeasyPrint is a PHP library allowing PDF generation from a
URL or a ...)
- TODO: check
+ NOT-FOR-US: php-weasyprint (not same as src:weasyprint)
CVE-2026-49358 (PhpWeasyPrint is a PHP library allowing PDF generation from a
URL or a ...)
- TODO: check
+ NOT-FOR-US: php-weasyprint (not same as src:weasyprint)
CVE-2026-49357 (Line Desktop MCP is a project that, while unaffiliated with
the offici ...)
- TODO: check
+ NOT-FOR-US: Line Desktop MCP
CVE-2026-49339 (gonic is a music streaming server / free-software subsonic
server API ...)
TODO: check
CVE-2026-49336 (@microsoft/kiota-http-fetchlibrary provides TypeScript
libraries for K ...)
@@ -65,19 +65,19 @@ CVE-2026-49336 (@microsoft/kiota-http-fetchlibrary provides
TypeScript libraries
CVE-2026-49293 (js-toml is a TOML parser for JavaScript, fully compliant with
the TOML ...)
TODO: check
CVE-2026-49291 (mcp-memory-service is a semantic memory layer for AI
applications. Pri ...)
- TODO: check
+ NOT-FOR-US: mcp-memory-service
CVE-2026-49290 (Slopsmith is a self-contained web application for browsing,
playing, a ...)
- TODO: check
+ NOT-FOR-US: Slopsmith
CVE-2026-49288 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
- TODO: check
+ NOT-FOR-US: Statamic CMS
CVE-2026-49287 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
- TODO: check
+ NOT-FOR-US: Statamic CMS
CVE-2026-49286 (PhpWeasyPrint is a PHP library allowing PDF generation from a
URL or a ...)
- TODO: check
+ NOT-FOR-US: php-weasyprint (not same as src:weasyprint)
CVE-2026-49271 (libheif is a HEIF and AVIF file format decoder and encoder.
Prior to v ...)
TODO: check
CVE-2026-49260 (PhpWeasyPrint is a PHP library allowing PDF generation from a
URL or a ...)
- TODO: check
+ NOT-FOR-US: php-weasyprint (not same as src:weasyprint)
CVE-2026-49231 (Authentication Bypass by Spoofing vulnerability in opa plugin.
An att ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49230 (Improper Validation of Integrity Check Value vulnerability in
Apache A ...)
@@ -101,7 +101,7 @@ CVE-2026-47339 (Incorrect Authorization vulnerability in
Apache APISIX. An atta
CVE-2026-46461 (Dell Server Hardware Manager, versions prior to 3.2.2,
contains an Imp ...)
NOT-FOR-US: Dell / EMC
CVE-2026-44939 (A command injection vulnerability in the Rancher Manager
cluster befor ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2026-44915 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in A ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-44087 (Insufficient Verification of Data Authenticity vulnerability
in Apache ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d841ec13bb8f058e3c0864116694a188838c6d00
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d841ec13bb8f058e3c0864116694a188838c6d00
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits